On 09/10, Kees Cook wrote: > > On Mon, Sep 10, 2018 at 10:43 AM, Oleg Nesterov <o...@redhat.com> wrote: > > > > with this patch > > > > #define MAX_ARG_STRINGS 0x7FFFFFFF > > > > doesn't match the reality. perhaps something like below makes sense just > > to make it clear, but this is cosmetic. > > Part of the discussion from back then was basically "we don't have > hard-coded limits so programs need to check dynamically themselves". > > I'd prefer to leave it all well enough alone since I don't want to > introduce regressions here in the face of the many many Stack Clash > style weaknesses.
I simply can't understand... Perhaps you too misunderstood me, I only tried to say that count() can stop earlier, it is pointless to continue to count the arg/env strings after argc + envc > _STK_LIM / 4 * 3 / 2, copy_strings() will fail anyway. Oleg.